[libmicrohttpd] 14/15: digest_auth_check(): check and report wrong algor
From: |
gnunet |
Subject: |
[libmicrohttpd] 14/15: digest_auth_check(): check and report wrong algorithm |
Date: |
Tue, 19 Jul 2022 16:51:22 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit d39ad79ab65647cbee62c6dc7c0971e61b9ff082
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Jul 19 17:48:06 2022 +0300
digest_auth_check(): check and report wrong algorithm
---
src/include/microhttpd.h | 13 +++++++++----
src/microhttpd/digestauth.c | 13 +++++++++++++
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index a0b48506..c942efd4 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
* they are parsed as decimal numbers.
* Example: 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00097520
+#define MHD_VERSION 0x00097521
/* If generic headers don't work on your platform, include headers
which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -4740,7 +4740,7 @@ enum MHD_DigestAuthAlgorithm
*
* All error values are zero or negative.
*
- * @note Available since #MHD_VERSION 0x00097518
+ * @note Available since #MHD_VERSION 0x00097521
*/
enum MHD_DigestAuthResult
{
@@ -4779,6 +4779,11 @@ enum MHD_DigestAuthResult
*/
MHD_DAUTH_WRONG_QOP = -5,
+ /**
+ * Wrong 'algorithm'.
+ */
+ MHD_DAUTH_WRONG_ALGO = -6,
+
/**
* Too large (>64 KiB) Authorization parameter value.
*/
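Review bot: The doc comment on the new enumerator, `Wrong 'algorithm'.`, does not tell a caller what was compared or from which version this value can be returned. I would write it as `The 'algorithm' in the client's request does not match the algorithm allowed for verification.` and add `@note Available since #MHD_VERSION 0x00097521` to this value alone. The previous hunk instead moves the enum-wide note from 0x00097518 to 0x00097521; if the other values were already usable at 0x00097518, that drops information applications rely on for version checks. The enum body continues outside this hunk, so the numbering of the values that follow cannot be checked from here.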
@@ -4817,7 +4822,7 @@ enum MHD_DigestAuthResult
* @param algo the digest algorithms allowed for verification
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097518
+ * @note Available since #MHD_VERSION 0x00097521
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
@@ -4843,7 +4848,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
* @param algo digest algorithms allowed for verification
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097513
+ * @note Available since #MHD_VERSION 0x00097521
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 35dd0264..71561332 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2034,6 +2034,19 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
return MHD_DAUTH_WRONG_QOP;
/* 'qop' valid */
+ /* Check 'algorithm' */
+ if (1)
+ {
+ const enum MHD_DigestAuthAlgo3 r_algo = get_rq_algo (params);
+ const enum MHD_DigestBaseAlgo p_algo = da->algo;
+ if ( (! ((MHD_DIGEST_AUTH_ALGO3_MD5 == r_algo) &&
+ (MHD_DIGEST_BASE_ALGO_MD5 == p_algo))) &&
+ (! ((MHD_DIGEST_AUTH_ALGO3_SHA256 == r_algo) &&
+ (MHD_DIGEST_BASE_ALGO_SHA256 == p_algo))) )
+ return MHD_DAUTH_WRONG_ALGO;
+ }
+ /* 'algorithm' valid */
+
/* ** Do basic nonce and nonce-counter checks (size, timestamp) ** */
/* Get 'nc' digital value */
unq_res = get_unquoted_param (¶ms->nc, tmp1, ptmp2, &tmp2_size,
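Review bot: The 'algorithm' check accepts only the exact pairs MD5/MD5 and SHA256/SHA256, so any other value returned by get_rq_algo() ends in `return MHD_DAUTH_WRONG_ALGO;`, and nothing in the block says that this fail-closed behaviour is intended. It is the right default, since it stops a client from selecting a different hash than the one configured in da->algo, so I would record it in the opening comment, e.g. `/* Check 'algorithm': only an exact match with da->algo is accepted, anything else is refused */`. The comment should also state how a request without an 'algorithm' parameter is classified; get_rq_algo() is not visible here, and RFC 7616 treats a missing value as MD5, so older clients are presumably affected either way. The `if (1)` wrapper only opens a scope for the two const locals and a bare `{ ... }` block would read more plainly; digest_auth_check_all_inner() starts and ends outside the hunk.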
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.